Well, the SQL statements aren't turned into anything other than the text that they are. It's the CF tags and functions that are transformed into calls and references to underlying java objects. So you can't achieve perfect obfuscation, no.
I should add that some may note that there are tools that can further obfuscate java code, too, but I'm pretty sure they work from java source, and we don't get the intermediate Java source. (Well, there was an option for that in CF 6, but it was removed in 6.1--http://kb2.adobe.com/cps/191/tn_19191.html.) So this seems the closest you'll get to protecting your code. Is the fact that someone on the server can see the SQL in a CFML page a really significant security concern? Again, this is only someone who has physical access to the server and the CF source code directory. Is there real intellectual property value in the SQL, versus the rest of the CFML code? /charlie -----Original Message----- From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf Of SAMARIS Software Sent: Tuesday, May 12, 2009 10:10 PM To: cfaussie@googlegroups.com Subject: [cfaussie] Re: Protecting Programmers Code and IP Located On Clients Server Hi Charlie, I have tried the compiling of some code and yes when I view the compiled code there are clearly sections of the code that do not represent CF code at all however at the same time there are other areas that clearly reflect cf code eg syntax used in the cfqueries I was expecting the compiled code to have no visual similarity to the actual original source code. Regards Claude Raiola --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
